TEAHEE
Normal
- Device ID
47186ef241ea495885522e5d4930eda3- 호스트명
- TEAHEE
- Local IP
- 172.27.1.29
- External IP
- 119.206.248.238
- 플랫폼
- Windows
- OS 버전
- Windows 11
- Agent 버전
- 7.31.20309.0
- 처음 연결
- 2025-12-17 20:27:00
- 마지막 연결
- 2025-12-22 08:19:32
Tags
태그 없음
Related Alerts
전체 보기
| 심각도 | 설명 | 시간 |
|---|---|---|
| Informational | A process has written a known EICAR test file. Review the files written by the triggered process. | 12-22 08:15 |
| High | Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Please review the installer package and any pre- or post-install actions. | 12-22 08:15 |
| High | A regsvr32 process appears to be related to a Squiblydoo attempt. Squiblydoo uses regsvr32 to pass a malicious script to scrobj.dll and registers a com object. Review the script passed to scrobj.dll on the command line. | 12-22 08:15 |
| Critical | A process saved the Security Account Manager SAM or SYSTEM hive to disk. If this is unexpected, it likely indicates credential theft. Investigate the process tree. | 12-22 08:15 |
| High | Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Please review the installer package and any pre- or post-install actions. | 12-22 08:15 |
| High | A process attempted to download a file using bitsadmin in an unusual way. The file might be a malicious payload. Investigate the process tree. | 12-22 08:15 |
| High | Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Please review the installer package and any pre- or post-install actions. | 12-22 08:15 |
| High | Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Please review the installer package and any pre- or post-install actions. | 12-22 08:15 |
| Informational | A process has written a known EICAR test file. Review the files written by the triggered process. | 12-22 08:12 |
| High | Certutil was observed downloading file(s) from a remote location. This process is rarely used benignly in this context. Please review the command line and process tree. | 12-22 08:12 |
Raw JSON Data
{"device_id":"47186ef241ea495885522e5d4930eda3","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.20309.0","hostname":"TEAHEE","local_ip":"172.27.1.29","external_ip":"119.206.248.238","mac_address":"e8-84-a5-3f-53-7c","platform_name":"Windows","os_version":"Windows 11","system_product_name":"ZenBook UX325EA_UX325EA","status":"normal","first_seen":"2025-12-17T11:27:00Z","last_seen":"2025-12-21T23:19:32Z","tags":[],"groups":["4f5aa5f1cdc6441982cf5c58e4b5d75a"],"group_hash":"fb152e9135984fe6b0778b98d0f86fd4060a555e6c7baa220904d1a05b5e7961","policies":[{"policy_type":"prevention","policy_id":"64c665c08ab745759d0a84d7db7a784d","applied":true,"applied_date":"2025-12-17T11:40:23.785237494Z"}],"reduced_functionality_mode":"no","is_online":false,"FirstSeenAt":"2025-12-17T20:27:00+09:00","LastSeenAt":"2025-12-22T08:19:32+09:00"}
Status
- Connection Offline
- Isolation Normal
- 관련 알림 10
Actions
Uninstall Token
센서 삭제 시 필요한 토큰입니다. Uninstall Protection이 활성화된 경우에만 필요합니다.